Login

Morovia Barcode ActiveX Control < 3.6.0 Arbitrary File Overwrite

High Nessus Plugin ID 35953

Synopsis

The remote Windows host has an ActiveX control that can be used to overwrite arbitrary files.

Description

The version of the Morovia Barcode ActiveX control installed on the remote Windows host allows overwriting of arbitrary files via calls to the control's 'Save' and 'ExportImage' methods. If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, he can leverage this issue to overwrite arbitrary files on the affected system subject to the user's privileges.